Abstract


This document describes a convention for using the Cryptographic 
Message Syntax (CMS) to protect a content collection. If desired, 
attributes can be associated with the content. 


1. Introduction 


This document describes a convention for using the Cryptographic 
Message Syntax (CMS) [CMS] to protect a content collection. The 
content-collection content type is used to transfer one or more 
contents, each identified by a content type. If desired, the 
content-with-attributes content type can be used to associate 
arbitrary attributes with the content. 


The convention described in this document is not needed when CMS is 
used with MIME [MSG]. MIME multipart [MIME] provides a 
straightforward and widely deployed mechanism for carrying more than 
one content item, each associated with a MIME type. 


However, CMS is not always used with MIME. Sometimes CMS is used in 
an exclusively ASN.1 [ASN1] environment. In this case, the content- 
collection content type is used to gather more than one content item, 
each with an object identifier to specify the content type. 


In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as
described in [STDWORDS].


1.1. Content Collection Example


May 2005 


This section provides one simple example to illustrate the need for
the content-collection content type. Consider an art collector who
wants to sell one of his pieces, an ancient Greek urn called an
amphora. The collector wants to compose a digitally signed offer for
sale. It includes three parts. The first part contains the owner’s
offer for sale, including the asking price. The second part contains
a high-quality image of the amphora. The final part contains an
appraisal from a well-respected ceramics expert. The final part is
digitally signed by the expert. Figure 1 illustrates the structure,
and the CMS SignedData content type is used for the two digital
signatures.


1.2. Content with Attributes Example


This section provides one simple example to illustrate the need for 
the content-with-attributes content type. Consider the art collector 
from the previous example. Instead of providing a single image of 
the amphora, the collector provides several images. To aid potential 
buyers, the collector attaches several attributes to each image. The 
attributes provide information about the resolution of the image, the 
date the image was taken, the photographer, and so on. Figure 2 
illustrates the collection of images, showing only two images, each 
with three attributes. This entire image content collection could be 
carried instead of the single image shown in Figure 1, allowing it to 
be covered by the collector’s digital signature. 


[Figure 2 diagram lost in extraction. Recoverable labels: "First
Image of the Amphora" and "Second Image of the Amphora", each with
attached boxes "Attribute 2" and "Attribute 3".]


Figure 2. Sample use of the ContentWithAttributes Content Type 


Content Collection Content Type


The content-collection content type is used to transfer a collection 
of content items, each identified by a content type. The syntax 
accommodates contents with varying levels of protection. For 
example, a content collection could include CMS protection content 
types as well as unprotected content types. A content collection is 
expected to be encapsulated in one or more CMS protecting content 
types, but this is not required by this specification. 


The following object identifier names the content collection content 
type: 


   id-ct-contentCollection OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
     pkcs9(9) smime(16) ct(1) 19 }


The content-collection content has the following syntax:


   ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo


The ContentCollection contains a sequence of ContentInfo, one for 
each content in the collection. The ContentInfo structure is defined 
in CMS. The contentType object identifier within the ContentInfo 
indicates the type of the associated content. Implementations of 
this specification SHOULD be prepared to handle object identifiers 
for the SignedData, EncryptedData, EnvelopedData, and 
AuthenticatedData content types, as specified in [CMS]. 
Implementations of this specification SHOULD also be prepared to 
handle the object identifier for the CompressedData content type as 
specified in [COMPRESS]. 


Content-with-Attributes Content Type 


The content-with-attributes content type is used to transfer a single 
content, which is identified by a content type, and a collection of 
attributes associated with that content. The syntax accommodates an 
arbitrary number of attributes; however, there must be at least one 
attribute. 


The following object identifier names the content-with-attributes 
content type: 


   id-ct-contentWithAttrs OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
     pkcs9(9) smime(16) ct(1) 20 }


The content-with-attributes content has the following syntax: 


   ContentWithAttributes ::= SEQUENCE {
     content     ContentInfo,
     attrs       SEQUENCE SIZE (1..MAX) OF Attribute }


The ContentWithAttributes contains a sequence of a single ContentInfo 
item followed by a sequence of attributes. The ContentInfo structure 
is defined in CMS. The contentType object identifier within the 
ContentInfo indicates the type of the content. The Attribute 
structure was originally defined in X.501 [X501], and the definition 
is repeated in CMS. 


Security Considerations 


The content-collection content type is used to transfer one or more 
contents, each identified by a content type. The syntax accommodates 
contents with varying levels of protection. For example, a content 
collection could include CMS protection content types as well as 
unprotected content types. A content collection is expected to be 
encapsulated in one or more CMS protecting content types, but this is 
not required by this specification. As a result, implementations 
MUST be prepared to handle multiple levels of encapsulation. 


The security considerations discussed in [CMS] are relevant when CMS 
is used to protect more than one content by making use of the content 
collection content type or content with attributes content type. 
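

The syntax sections and the encapsulation requirement above, as an added example that is not part of the original specification: a minimal DER walker that recurses through nested ContentCollection and ContentWithAttributes values and enforces both SIZE (1..MAX) constraints. The depth limit of 8, the helper names, the id-data leaf content, and the attribute OID 2.999.1 in the constructed sample are assumptions made for illustration.

```python
CT = bytes.fromhex("2a864886f70d01091001")          # 1.2.840.113549.1.9.16.1 (ct)
COLLECTION, WITH_ATTRS = CT + b"\x13", CT + b"\x14"  # ct 19 and ct 20
ID_DATA = bytes.fromhex("2a864886f70d010701")        # id-data, defined in CMS

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos), definite lengths only
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def walk(info, depth=0, max_depth=8):  # max_depth: local policy (assumption)
    # info holds the contents of one ContentInfo SEQUENCE; returns (type, subtree)
    parts = children(info)
    if depth > max_depth or [t for t, _ in parts] != [0x06, 0xA0]:
        raise ValueError("nested too deep or not a ContentInfo")
    oid, (tag, inner, _) = parts[0][1], read_tlv(parts[1][1])
    if oid == COLLECTION:
        items = children(inner) if tag == 0x30 else []
        if not items:                                # SIZE (1..MAX)
            raise ValueError("empty or malformed ContentCollection")
        return ("contentCollection", [walk(v, depth + 1, max_depth) for _, v in items])
    if oid == WITH_ATTRS:
        seq = children(inner) if tag == 0x30 else []
        if [t for t, _ in seq] != [0x30, 0x30] or not children(seq[1][1]):
            raise ValueError("ContentWithAttributes needs content and >= 1 attribute")
        return ("contentWithAttrs", [walk(seq[0][1], depth + 1, max_depth)])
    return (oid.hex(), [])                           # leaf: left to the CMS layer

def tlv(tag, body):  # encoder for the constructed sample; short lengths only
    return bytes([tag, len(body)]) + body

def content_info(oid, content):
    return tlv(0x30, tlv(0x06, oid) + tlv(0xA0, content))

# Constructed sample: an offer plus one image carrying one attribute (OID 2.999.1).
ATTR = tlv(0x30, tlv(0x06, b"\x88\x37\x01") + tlv(0x31, tlv(0x0C, b"300dpi")))
IMAGE = content_info(WITH_ATTRS, tlv(0x30, content_info(ID_DATA, tlv(0x04, b"img")) + tlv(0x30, ATTR)))
SAMPLE = content_info(COLLECTION, tlv(0x30, content_info(ID_DATA, tlv(0x04, b"offer")) + IMAGE))
```

Call it as walk(read_tlv(der)[1]). A production caller would also reject trailing bytes after the outer ContentInfo and pass each leaf to a CMS implementation for signature or decryption processing.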


Appendix A: ASN.1 Module


The ASN.1 module contained in this appendix defines the structures
that are needed to implement this specification. It is expected to
be used in conjunction with the ASN.1 modules in [CMS] and
[COMPRESS].


   ContentCollectionModule
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) modules(0) 26 }

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   IMPORTS
     Attribute, ContentInfo
       FROM CryptographicMessageSyntax2004 -- [CMS]
         { iso(1) member-body(2) us(840) rsadsi(113549)
           pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2001(14) };

   -- Content Collection Content Type and Object Identifier

   id-ct-contentCollection OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
     pkcs9(9) smime(16) ct(1) 19 }

   ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo

   -- Content With Attributes Content Type and Object Identifier

   id-ct-contentWithAttrs OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
     pkcs9(9) smime(16) ct(1) 20 }

   ContentWithAttributes ::= SEQUENCE {
     content     ContentInfo,
     attrs       SEQUENCE SIZE (1..MAX) OF Attribute }

   END